Special: Data Privacy Day

Today businesses face increasingly sophisticated cyber threats that necessitate robust security measures. One such innovative approach gaining traction is the Security Operations Center as a Service (SOCaaS). This model offers organizations the opportunity to enhance their security operations efficiently and effectively by leveraging external expertise and advanced technologies.

The cybersecurity industry seems addicted to research but isn’t all that good at it. Mining the massive amount of data produced is daunting but crucial to everyone.

Surveys and studies are an important part of marketing form the cybersecurity industry. Cyber Protection magazine receives a lot of them. We read them all. In the two months before the RSA Conference, more than one a day came into our inbox. However, they are not a great source of independent data and insight.

Ignoring the cherry-picked data highlighting a particular company’s product or service, there are a few nuggets that, taken together, produce some interesting insights. Out of 60+ reports, we took a pass on any that were repetitive, were suspect methodologically, or effectively plagiarized from another source. We chose to look at seven with a solid methodology, representation of industry-wide concerns, and originality. The reports came from Dynatrace, Black Kite, SlashNext, Metomic, Originality AI, Logicgate, and Sophos. We found three common themes: The impact of AI on security, government regulation compliance, and understanding of security concerns on the C-suites and board levels.

Understanding security issues.

Almost every study has a common complaint. CISOs say application security is a blind spot at the CEO and board levels. They say increasing the visibility of their CEO and board into application security risk is urgently needed to enable more informed decisions to strengthen defenses.

However, Dynatrace’s study said CISOs fail to provide the C-suite and board members with clear insight into their organization’s application security risk posture. “This leaves executives blind to the potential effect of vulnerabilities and makes it difficult to make informed decisions to protect the organization from operational, financial, and reputational damage.”

Recent news shows the study may have a point. Marriott Hotels admitted that a 2018 breach was the result of inadequate encryption of customer data. In 2018 the company claimed their data was protected by 128-bit AES encryption when customer identity was only protected by an outdated hashing protocol. One can imagine the discussion between the CEO and the IT department:

CEO: is our data encrypted?
IT manager: Yeah, sort of.
CEO: OK, good enough

If the CEO doesn’t understand the difference between a hash and AES encryption, that’s a problem.

And there many be evidence that ignorance is widespread. Apricorn reported that the number of encrypted devices in surveyed companies had dropped from 80 percent to 20 percent between 2022 and 2023. Some of that could be attributed to work-from-home (WFH) growth in companies. It is also likely that companies over-reported what was encrypted simply because they did not understand what “encryption” meant. Once they learned the meaning, adjustments were made.

That lack of a foundational security technology could be a reason for the devastating growth in ransomware in the past two years.

APIs are often overlooked when it comes to securing a company's landscape. We sat down with Andy Grolnick, CEO at Graylog,to discuss the rapidly growing market of API security.

It’s World Backup Day. The technology landscape has changed, with (generative) AI all over the place and more cloud offerings on the market. What does that mean for Backups and how do companies ensure they have a solid backup strategy? We put together some commentaries on the subject…

GDPR, with its rigorous data protection standards and hefty fines for non-compliance, has heightened awareness about data privacy and reshaped the demand for cyber insurance.

Cyber insurance offers a financial safety net that can help organisations mitigate the potentially devastating financial impacts of cyber incidents, including data breaches, ransomware attacks, and other forms of cybercrime.

Organisations should consider cyber insurance as an integral component of their risk management strategy, particularly given the escalating landscape of cyber threats and regulatory requirements.